author | Jenkins <jenkins@review.openstack.org> | 2017-08-11 12:02:30 +0000 |
---|---|---|
committer | Gerrit Code Review <review@openstack.org> | 2017-08-11 12:02:30 +0000 |
commit | 4e5ba442189d704deaaa1a922bbcaf5c28e9de40 (patch) | |
tree | c7c856ae7b821d3c49d33f8fd65963cba272ea96 /puppet/services | |
parent | 13668d83ba1e04b8935c469f7916c45de6f300a8 (diff) | |
parent | 74e7e674591ec7a9a90ca8ee035576438271d7ff (diff) |
Merge "Move HAProxy's public TLS logic from controller to service template"
Diffstat (limited to 'puppet/services')
-rw-r--r-- | puppet/services/haproxy.yaml | 26 |
1 files changed, 24 insertions, 2 deletions
diff --git a/puppet/services/haproxy.yaml b/puppet/services/haproxy.yaml
index a37135da..6b2d028f 100644
--- a/puppet/services/haproxy.yaml
+++ b/puppet/services/haproxy.yaml
@@ -57,6 +57,16 @@ parameters:
 MonitoringSubscriptionHaproxy:
 default: 'overcloud-haproxy'
 type: string
+ SSLCertificate:
+ default: ''
+ description: >
+ The content of the SSL certificate (without Key) in PEM format.
+ type: string
+ DeployedSSLCertificatePath:
+ default: '/etc/pki/tls/private/overcloud_endpoint.pem'
+ description: >
+ The filepath of the certificate as it will be stored in the controller.
+ type: string
 InternalTLSCAFile:
 default: '/etc/ipa/ca.crt'
 type: string
@@ -68,6 +78,14 @@ parameters:
 description: Specifies the default CRL PEM file to use for revocation if TLS is used for services in the internal network.
+conditions:
+
+ public_tls_enabled:
+ not:
+ equals:
+ - {get_param: SSLCertificate}
+ - ""
+
 resources:
 HAProxyPublicTLS:
@@ -98,8 +116,6 @@ outputs:
 monitoring_subscription: {get_param: MonitoringSubscriptionHaproxy}
 config_settings:
 map_merge:
- - get_attr: [HAProxyPublicTLS, role_data, config_settings]
- - get_attr: [HAProxyInternalTLS, role_data, config_settings]
 - tripleo.haproxy.firewall_rules:
 '107 haproxy stats':
 dport: 1993
@@ -115,6 +131,12 @@ outputs:
 map_merge:
 - get_attr: [HAProxyPublicTLS, role_data, certificates_specs]
 - get_attr: [HAProxyInternalTLS, role_data, certificates_specs]
+ - if:
+ - public_tls_enabled
+ - tripleo::haproxy::service_certificate: {get_param: DeployedSSLCertificatePath}
+ - {}
+ - get_attr: [HAProxyPublicTLS, role_data, config_settings]
+ - get_attr: [HAProxyInternalTLS, role_data, config_settings]
 step_config: |
 include ::tripleo::profile::base::haproxy
 upgrade_tasks: |
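Review bot: The description added for `DeployedSSLCertificatePath` in the first hunk still says the file is stored "in the controller", although the commit moves this logic into the HAProxy service template, so the path applies to whichever node runs the service; suggest `The filepath of the certificate as it will be stored on the node running HAProxy.` The default sits under `/etc/pki/tls/private`, while `SSLCertificate` is documented as certificate-only. If the deployed PEM also carries the private key (not visible in this hunk), the description should say so and state the expected owner and mode, so that an operator who overrides the path does not choose a location readable by other users.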
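Review bot: In the last hunk the new `- if:` entry comes before the two `get_attr ... config_settings` entries, and `map_merge` lets a later map override an earlier one on the same key, so a `tripleo::haproxy::service_certificate` supplied by `HAProxyPublicTLS` or `HAProxyInternalTLS` would silently replace `DeployedSSLCertificatePath`. If that precedence is intended, a comment above the entry such as `# TLS resources are merged last so their service_certificate overrides the parameter` would make it explicit; otherwise the `if` entry belongs after them. Indentation is not visible on this page, and the added lines appear directly after the `certificates_specs` items, so it is worth confirming which `map_merge` list they extend. The `public_tls_enabled` condition keys only on `SSLCertificate` being non-empty, which deserves a one-line comment next to it so the link between the two hunks is clear.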